Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/f75b1aec-79dd-49a4-950b-65b549cd35a7.roa
File:                     f75b1aec-79dd-49a4-950b-65b549cd35a7.roa (raw, json)
Hash identifier:          IDxTwG9AAbtKn6CZPpCJ0lIkOx1bzlTpaBQK5hBCbaM=
Subject key identifier:   C1:1C:3E:7C:56:66:58:44:5E:E2:0C:CB:81:31:E7:12:6F:2A:A1:3E
Certificate issuer:       /CN=278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d
Certificate serial:       54A2ABB652A1F2F153DC357B1478280142EEA88B
Authority key identifier: 55:A8:DD:45:D9:44:13:F9:D1:92:F5:2C:63:CE:8C:FB:C6:14:96:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/1433ebff-dfd6-4c5c-b7ff-99c85139d4a8/278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/f75b1aec-79dd-49a4-950b-65b549cd35a7.roa
Signing time:             Sun 18 Aug 2024 00:00:00 +0000
ROA not before:           Sun 18 Aug 2024 00:00:00 +0000
ROA not after:            Sun 22 Sep 2024 23:59:59 +0000
asID:                     400098
IP address blocks:        199.36.120.0/24 maxlen: 24

Validation:               Failed, certificate revoked on Sun 18 Aug 2024 22:58:47 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            54:a2:ab:b6:52:a1:f2:f1:53:dc:35:7b:14:78:28:01:42:ee:a8:8b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d
        Validity
            Not Before: Aug 18 00:00:00 2024 GMT
            Not After : Sep 22 23:59:59 2024 GMT
        Subject: serialNumber=4aa9097fcb7a7e3dd48d4cbc6ebf74c2c2384e5701db983440e6c0fd1ee45adb, CN=c0ce23ea-43fc-4be4-beee-c01478122a0e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b1:b9:6e:ec:a8:4e:fd:e1:79:46:80:9c:57:3a:
                    b8:5d:64:08:15:6f:8c:03:be:07:8b:76:d0:fa:05:
                    68:29:35:c4:18:3f:98:80:88:36:f5:46:38:84:9b:
                    96:38:d1:50:76:42:1a:0f:2c:0b:31:db:3b:c3:48:
                    12:17:8d:ff:51:c0:cd:09:5f:8e:7d:fd:59:02:91:
                    d2:97:af:4a:4f:6a:ac:c2:2e:7f:bb:7f:93:2f:35:
                    02:23:35:62:ed:3b:07:5f:74:c1:f6:ea:0e:1c:70:
                    a2:6c:89:51:44:44:c8:5d:81:9d:fa:ee:d7:e5:8c:
                    95:7f:d7:e0:15:57:4d:79:49:95:73:84:82:54:d8:
                    b7:8a:75:30:22:04:dc:a4:a0:b7:7a:b4:86:09:6d:
                    70:1a:4f:15:5b:87:55:73:97:46:60:1f:86:43:4d:
                    ec:0a:d7:4f:15:8c:5f:56:20:55:3d:61:9a:29:d9:
                    9a:98:89:f3:80:3c:d1:41:1f:be:28:16:f2:91:93:
                    f2:99:89:e0:2a:44:28:9e:c7:89:45:5f:0b:00:7c:
                    a5:5b:da:8a:07:8d:1d:ea:c5:b9:89:a7:1c:3d:80:
                    28:6b:7b:7b:40:0e:c4:ce:75:84:94:12:46:47:c1:
                    24:68:9d:c8:d3:ca:87:e3:22:5f:81:bd:a4:89:75:
                    3d:a3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C1:1C:3E:7C:56:66:58:44:5E:E2:0C:CB:81:31:E7:12:6F:2A:A1:3E
            X509v3 Authority Key Identifier:
                keyid:55:A8:DD:45:D9:44:13:F9:D1:92:F5:2C:63:CE:8C:FB:C6:14:96:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/1433ebff-dfd6-4c5c-b7ff-99c85139d4a8/278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/f75b1aec-79dd-49a4-950b-65b549cd35a7.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/JmLOFOkF4Y68t1IvkrNoS8SGW00.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  199.36.120.0/24

    Signature Algorithm: sha256WithRSAEncryption
         5b:0f:32:82:65:2b:e7:83:7b:ff:21:86:62:38:04:bd:61:2b:
         a5:41:d6:9c:bc:4c:e4:50:10:6b:c3:36:d8:3a:51:2b:4d:51:
         64:f2:8d:2b:db:7d:18:5a:5a:3f:56:0f:57:f6:68:6f:eb:32:
         56:c5:a6:f2:eb:5d:37:13:c4:4a:bc:3c:8c:e6:99:9b:c3:e6:
         b8:da:da:91:f5:bc:9d:d1:d9:70:c0:ce:54:b3:69:cd:85:2d:
         40:e7:3f:b8:61:10:93:af:7e:3a:1b:34:2d:d3:10:15:fe:52:
         56:fd:4c:2b:54:77:9a:b1:fd:5e:4f:ea:84:29:2b:9c:75:74:
         1d:ff:46:a6:52:36:ab:f3:f8:fc:3c:5a:37:88:98:a4:3d:c5:
         9f:5d:88:a0:55:bd:82:e2:3b:8f:32:1d:1e:60:87:7c:12:e8:
         fc:3c:c1:61:1f:49:c4:ad:56:02:b8:ec:41:16:8e:48:b3:5a:
         8a:ba:f6:83:68:f5:28:20:cc:d0:36:01:d7:fa:2f:34:07:15:
         eb:c3:90:63:61:e5:0a:37:f9:2a:97:9e:88:29:ed:70:1e:e4:
         e5:a4:db:b4:48:c0:c5:ce:89:9e:53:93:95:1d:ff:a9:02:4c:
         57:b0:bc:9f:a5:c1:73:67:7f:18:6c:5a:98:23:ff:23:c0:8d:
         03:e3:32:2d
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUVKKrtlKh8vFT3DV7FHgoAULuqIswDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyMjc4YWFiODc4ZjI2NjJjZTE0ZTkwNWUxOGViY2I3NTIy
ZjkyYjM2ODRiYzQ4NjViNGQwHhcNMjQwODE4MDAwMDAwWhcNMjQwOTIyMjM1OTU5
WjB6MUkwRwYDVQQFE0A0YWE5MDk3ZmNiN2E3ZTNkZDQ4ZDRjYmM2ZWJmNzRjMmMy
Mzg0ZTU3MDFkYjk4MzQ0MGU2YzBmZDFlZTQ1YWRiMS0wKwYDVQQDEyRjMGNlMjNl
YS00M2ZjLTRiZTQtYmVlZS1jMDE0NzgxMjJhMGUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCxuW7sqE794XlGgJxXOrhdZAgVb4wDvgeLdtD6BWgpNcQY
P5iAiDb1RjiEm5Y40VB2QhoPLAsx2zvDSBIXjf9RwM0JX459/VkCkdKXr0pPaqzC
Ln+7f5MvNQIjNWLtOwdfdMH26g4ccKJsiVFERMhdgZ367tfljJV/1+AVV015SZVz
hIJU2LeKdTAiBNykoLd6tIYJbXAaTxVbh1Vzl0ZgH4ZDTewK108VjF9WIFU9YZop
2ZqYifOAPNFBH74oFvKRk/KZieAqRCiex4lFXwsAfKVb2ooHjR3qxbmJpxw9gChr
e3tADsTOdYSUEkZHwSRoncjTyofjIl+BvaSJdT2jAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUwRw+fFZmWERe4gzLgTHnEm8qoT4wHwYDVR0jBBgwFoAUVajdRdlEE/nR
kvUsY86M+8YUlrgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzAzNTcyNzJjLWE3OWEtNDViZi05NTg2LTkyZGQ0OWVmMzIyMy8xNDMzZWJmZi1k
ZmQ2LTRjNWMtYjdmZi05OWM4NTEzOWQ0YTgvMjc4YWFiODc4ZjI2NjJjZTE0ZTkw
NWUxOGViY2I3NTIyZjkyYjM2ODRiYzQ4NjViNGQuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMTZmMWZmZWUtNzQ2MS00Njc0LWJiMDUtZmRk
ZWZhOWEwMmM2L2Y3NWIxYWVjLTc5ZGQtNDlhNC05NTBiLTY1YjU0OWNkMzVhNy5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzE2ZjFmZmVlLTc0NjEtNDY3NC1iYjA1
LWZkZGVmYTlhMDJjNi9KbUxPRk9rRjRZNjh0MUl2a3JOb1M4U0dXMDAuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBADHJHgwDQYJKoZIhvcNAQELBQADggEBAFsPMoJlK+eDe/8hhmI4BL1hK6VB
1py8TORQEGvDNtg6UStNUWTyjSvbfRhaWj9WD1f2aG/rMlbFpvLrXTcTxEq8PIzm
mZvD5rja2pH1vJ3R2XDAzlSzac2FLUDnP7hhEJOvfjobNC3TEBX+Ulb9TCtUd5qx
/V5P6oQpK5x1dB3/RqZSNqvz+Pw8WjeImKQ9xZ9diKBVvYLiO48yHR5gh3wS6Pw8
wWEfScStVgK47EEWjkizWoq69oNo9SggzNA2Adf6LzQHFevDkGNh5Qo3+SqXnogp
7XAe5OWk27RIwMXOiZ5Tk5Ud/6kCTFewvJ+lwXNnfxhsWpgj/yPAjQPjMi0=
-----END CERTIFICATE-----